:caller_reference - required - (String) A unique number that ensures the request can't be replayed. If the CallerReference is new (no matter the content of the CloudFrontOriginAccessIdentityConfig object), a new origin access identity is created. If the CallerReference is a value you already sent in a previous request to create an identity, and the content of the CloudFrontOriginAccessIdentityConfig is identical to the original request (ignoring white space), the response includes the same information returned to the original request. If the CallerReference is a value you already sent in a previous request to create an identity but the content of the CloudFrontOriginAccessIdentityConfig is different from the original request, CloudFront returns a CloudFrontOriginAccessIdentityAlreadyExists error.

:comment - required - (String) Any comments you want to include about the origin access identity.

:caller_reference - required - (String) A unique number that ensures the request can't be replayed. If the CallerReference is new (no matter the content of the DistributionConfig object), a new distribution is created. If the CallerReference is a value you already sent in a previous request to create a distribution, and the content of the DistributionConfig is identical to the original request (ignoring white space), the response includes the same information returned to the original request. If the CallerReference is a value you already sent in a previous request to create a distribution but the content of the DistributionConfig is different from the original request, CloudFront returns a DistributionAlreadyExists error.

:quantity - required - (Integer) The number of CNAMEs, if any, for this distribution.

:items - (Array<String>) Optional: A complex type that contains CNAME elements, if any, for this distribution. If Quantity is 0, you can omit Items.

:CNAME - (String)

:default_root_object - required - (String) The object that you want CloudFront to return (for example, index.html) when an end user requests the root URL for your distribution (http://www.example.com) instead of an object in your distribution (http://www.example.com/index.html). Specifying a default root object avoids exposing the contents of your distribution. If you don't want to specify a default root object when you create a distribution, include an empty DefaultRootObject element. To delete the default root object from an existing distribution, update the distribution configuration and include an empty DefaultRootObject element. To replace the default root object, update the distribution configuration and specify the new object.

:origins - required - (Hash) A complex type that contains information about origins for this distribution.

:quantity - required - (Integer) The number of origins for this distribution.

:items - (Array<Hash>) A complex type that contains origins for this distribution.

:Origin - (Hash)

:id - required - (String) A unique identifier for the origin. The value of Id must be unique within the distribution. You use the value of Id when you create a cache behavior. The Id identifies the origin that CloudFront routes a request to when the request matches the path pattern for that cache behavior.

:domain_name - required - (String) Amazon S3 origins: The DNS name of the Amazon S3 bucket from which you want CloudFront to get objects for this origin, for example, myawsbucket.s3.amazonaws.com. Custom origins: The DNS domain name for the HTTP server from which you want CloudFront to get objects for this origin, for example, www.example.com.

:s3_origin_config - (Hash) A complex type that contains information about the Amazon S3 origin. If the origin is a custom origin, use the CustomOriginConfig element instead.

:origin_access_identity - required - (String) The CloudFront origin access identity to associate with the origin. Use an origin access identity to configure the origin so that end users can only access objects in an Amazon S3 bucket through CloudFront. If you want end users to be able to access objects using either the CloudFront URL or the Amazon S3 URL, specify an empty OriginAccessIdentity element. To delete the origin access identity from an existing distribution, update the distribution configuration and include an empty OriginAccessIdentity element. To replace the origin access identity, update the distribution configuration and specify the new origin access identity.

:custom_origin_config - (Hash) A complex type that contains information about a custom origin. If the origin is an Amazon S3 bucket, use the S3OriginConfig element instead.

:default_cache_behavior - required - (Hash) A complex type that describes the default cache behavior if you do not specify a CacheBehavior element or if files don't match any of the values of PathPattern in CacheBehavior elements.You must create exactly one default cache behavior.

:target_origin_id - required - (String) The value of ID for the origin that you want CloudFront to route requests to when a request matches the path pattern either for a cache behavior or for the default cache behavior.

:forward - required - (String) Use this element to specify whether you want CloudFront to forward cookies to the origin that is associated with this cache behavior. You can specify all, none or whitelist. If you choose All, CloudFront forwards all cookies regardless of how many your application uses. Valid values include:

none

whitelist

all

:whitelisted_names - (Hash) A complex type that specifies the whitelisted cookies, if any, that you want CloudFront to forward to your origin that is associated with this cache behavior.

:quantity - required - (Integer) The number of whitelisted cookies for this cache behavior.

:items - (Array<String>) Optional: A complex type that contains whitelisted cookies for this cache behavior. If Quantity is 0, you can omit Items.

:Name - (String)

:trusted_signers - required - (Hash) A complex type that specifies the AWS accounts, if any, that you want to allow to create signed URLs for private content. If you want to require signed URLs in requests for objects in the target origin that match the PathPattern for this cache behavior, specify true for Enabled, and specify the applicable values for Quantity and Items. For more information, go to Using a Signed URL to Serve Private Content in the Amazon CloudFront Developer Guide. If you don't want to require signed URLs in requests for objects that match PathPattern, specify false for Enabled and 0 for Quantity. Omit Items. To add, change, or remove one or more trusted signers, change Enabled to true (if it's currently false ), change Quantity as applicable, and specify all of the trusted signers that you want to include in the updated distribution.

:enabled - required - (Boolean) Specifies whether you want to require end users to use signed URLs to access the files specified by PathPattern and TargetOriginId.

:quantity - required - (Integer) The number of trusted signers for this cache behavior.

:items - (Array<String>) Optional: A complex type that contains trusted signers for this cache behavior. If Quantity is 0, you can omit Items.

:AwsAccountNumber - (String)

:viewer_protocol_policy - required - (String) Use this element to specify the protocol that users can use to access the files in the origin specified by TargetOriginId when a request matches the path pattern in PathPattern. If you want CloudFront to allow end users to use any available protocol, specify allow-all. If you want CloudFront to require HTTPS, specify https. Valid values include:

allow-all

https-only

:min_ttl - required - (Integer) The minimum amount of time that you want objects to stay in CloudFront caches before CloudFront queries your origin to see whether the object has been updated.You can specify a value from 0 to 3,153,600,000 seconds (100 years).

:allowed_methods - (Hash)

:quantity - required - (Integer) The number of HTTP methods that you want CloudFront to forward to your origin. Valid values are 2 (for GET and HEAD requests) and 7 (for DELETE, GET, HEAD, OPTIONS, PATCH, POST, and PUT requests).

:items - (Array<String>) A complex type that contains the HTTP methods that you want CloudFront to process and forward to your origin.

:Method - (String)

:smooth_streaming - (Boolean) Indicates whether you want to distribute media files in Microsoft Smooth Streaming format using the origin that is associated with this cache behavior. If so, specify true ; if not, specify false .

:quantity - required - (Integer) The number of cache behaviors for this distribution.

:items - (Array<Hash>) Optional: A complex type that contains cache behaviors for this distribution. If Quantity is 0, you can omit Items.

:CacheBehavior - (Hash)

:path_pattern - required - (String) The pattern (for example, images/*.jpg) that specifies which requests you want this cache behavior to apply to. When CloudFront receives an end-user request, the requested path is compared with path patterns in the order in which cache behaviors are listed in the distribution. The path pattern for the default cache behavior is * and cannot be changed. If the request for an object does not match the path pattern for any cache behaviors, CloudFront applies the behavior in the default cache behavior.

:target_origin_id - required - (String) The value of ID for the origin that you want CloudFront to route requests to when a request matches the path pattern either for a cache behavior or for the default cache behavior.

:forward - required - (String) Use this element to specify whether you want CloudFront to forward cookies to the origin that is associated with this cache behavior. You can specify all, none or whitelist. If you choose All, CloudFront forwards all cookies regardless of how many your application uses. Valid values include:

none

whitelist

all

:whitelisted_names - (Hash) A complex type that specifies the whitelisted cookies, if any, that you want CloudFront to forward to your origin that is associated with this cache behavior.

:quantity - required - (Integer) The number of whitelisted cookies for this cache behavior.

:items - (Array<String>) Optional: A complex type that contains whitelisted cookies for this cache behavior. If Quantity is 0, you can omit Items.

:Name - (String)

:trusted_signers - required - (Hash) A complex type that specifies the AWS accounts, if any, that you want to allow to create signed URLs for private content. If you want to require signed URLs in requests for objects in the target origin that match the PathPattern for this cache behavior, specify true for Enabled, and specify the applicable values for Quantity and Items. For more information, go to Using a Signed URL to Serve Private Content in the Amazon CloudFront Developer Guide. If you don't want to require signed URLs in requests for objects that match PathPattern, specify false for Enabled and 0 for Quantity. Omit Items. To add, change, or remove one or more trusted signers, change Enabled to true (if it's currently false ), change Quantity as applicable, and specify all of the trusted signers that you want to include in the updated distribution.

:enabled - required - (Boolean) Specifies whether you want to require end users to use signed URLs to access the files specified by PathPattern and TargetOriginId.

:quantity - required - (Integer) The number of trusted signers for this cache behavior.

:items - (Array<String>) Optional: A complex type that contains trusted signers for this cache behavior. If Quantity is 0, you can omit Items.

:AwsAccountNumber - (String)

:viewer_protocol_policy - required - (String) Use this element to specify the protocol that users can use to access the files in the origin specified by TargetOriginId when a request matches the path pattern in PathPattern. If you want CloudFront to allow end users to use any available protocol, specify allow-all. If you want CloudFront to require HTTPS, specify https. Valid values include:

allow-all

https-only

:min_ttl - required - (Integer) The minimum amount of time that you want objects to stay in CloudFront caches before CloudFront queries your origin to see whether the object has been updated.You can specify a value from 0 to 3,153,600,000 seconds (100 years).

:allowed_methods - (Hash)

:quantity - required - (Integer) The number of HTTP methods that you want CloudFront to forward to your origin. Valid values are 2 (for GET and HEAD requests) and 7 (for DELETE, GET, HEAD, OPTIONS, PATCH, POST, and PUT requests).

:items - (Array<String>) A complex type that contains the HTTP methods that you want CloudFront to process and forward to your origin.

:Method - (String)

:smooth_streaming - (Boolean) Indicates whether you want to distribute media files in Microsoft Smooth Streaming format using the origin that is associated with this cache behavior. If so, specify true ; if not, specify false .

:custom_error_responses - (Hash) A complex type that contains zero or more CustomErrorResponse elements.

:quantity - required - (Integer) The number of custom error responses for this distribution.

:items - (Array<Hash>) Optional: A complex type that contains custom error responses for this distribution. If Quantity is 0, you can omit Items.

:CustomErrorResponse - (Hash)

:error_code - required - (Integer) The 4xx or 5xx HTTP status code that you want to customize. For a list of HTTP status codes that you can customize, see CloudFront documentation.

:response_page_path - (String) The path of the custom error page (for example, /custom_404.html). The path is relative to the distribution and must begin with a slash (/). If the path includes any non-ASCII characters or unsafe characters as defined in RFC 1783 (http://www.ietf.org/rfc/rfc1738.txt), URL encode those characters. Do not URL encode any other characters in the path, or CloudFront will not return the custom error page to the viewer.

:response_code - (String) The HTTP status code that you want CloudFront to return with the custom error page to the viewer. For a list of HTTP status codes that you can replace, see CloudFront Documentation.

:error_caching_min_ttl - (Integer) The minimum amount of time you want HTTP error codes to stay in CloudFront caches before CloudFront queries your origin to see whether the object has been updated. You can specify a value from 0 to 31,536,000.

:comment - required - (String) Any comments you want to include about the distribution.

:logging - required - (Hash) A complex type that controls whether access logs are written for the distribution.

:enabled - required - (Boolean) Specifies whether you want CloudFront to save access logs to an Amazon S3 bucket. If you do not want to enable logging when you create a distribution or if you want to disable logging for an existing distribution, specify false for Enabled, and specify empty Bucket and Prefix elements. If you specify false for Enabled but you specify values for Bucket, prefix and IncludeCookies, the values are automatically deleted.

:include_cookies - required - (Boolean) Specifies whether you want CloudFront to include cookies in access logs, specify true for IncludeCookies. If you choose to include cookies in logs, CloudFront logs all cookies regardless of how you configure the cache behaviors for this distribution. If you do not want to include cookies when you create a distribution or if you want to disable include cookies for an existing distribution, specify false for IncludeCookies.

:prefix - required - (String) An optional string that you want CloudFront to prefix to the access log filenames for this distribution, for example, myprefix/. If you want to enable logging, but you do not want to specify a prefix, you still must include an empty Prefix element in the Logging element.

:iam_certificate_id - (String) The IAM certificate identifier of the custom viewer certificate for this distribution.

:cloud_front_default_certificate - (Boolean) Set to true if you want to use the default *.cloudfront.net viewer certificate for this distribution. Omit this value if you are setting an IAMCertificateId.

:restrictions - (Hash)

:geo_restriction - required - (Hash)

:restriction_type - required - (String) The method that you want to use to restrict distribution of your content by country: - none: No geo restriction is enabled, meaning access to content is not restricted by client geo location. - blacklist: The Location elements specify the countries in which you do not want CloudFront to distribute your content. - whitelist: The Location elements specify the countries in which you want CloudFront to distribute your content. Valid values include:

blacklist

whitelist

none

:quantity - required - (Integer) When geo restriction is enabled, this is the number of countries in your whitelist or blacklist. Otherwise, when it is not enabled, Quantity is 0, and you can omit Items.

:items - (Array<String>) A complex type that contains a Location element for each country in which you want CloudFront either to distribute your content (whitelist) or not distribute your content (blacklist). The Location element is a two-letter, uppercase country code for a country that you want to include in your blacklist or whitelist. Include one Location element for each country. CloudFront and MaxMind both use ISO 3166 country codes. For the current list of countries and the corresponding codes, see ISO 3166-1-alpha-2 code on the International Organization for Standardization website. You can also refer to the country list in the CloudFront console, which includes both country names and codes.

:paths - required - (Hash) The path of the object to invalidate. The path is relative to the distribution and must begin with a slash (/). You must enclose each invalidation object with the Path element tags. If the path includes non-ASCII characters or unsafe characters as defined in RFC 1783 (http://www.ietf.org/rfc/rfc1738.txt), URL encode those characters. Do not URL encode any other characters in the path, or CloudFront will not invalidate the old version of the updated object.

:quantity - required - (Integer) The number of objects that you want to invalidate.

:items - (Array<String>) A complex type that contains a list of the objects that you want to invalidate.

:Path - (String)

:caller_reference - required - (String) A unique name that ensures the request can't be replayed. If the CallerReference is new (no matter the content of the Path object), a new distribution is created. If the CallerReference is a value you already sent in a previous request to create an invalidation batch, and the content of each Path element is identical to the original request, the response includes the same information returned to the original request. If the CallerReference is a value you already sent in a previous request to create a distribution but the content of any Path is different from the original request, CloudFront returns an InvalidationBatchAlreadyExists error.

:caller_reference - required - (String) A unique number that ensures the request can't be replayed. If the CallerReference is new (no matter the content of the StreamingDistributionConfig object), a new streaming distribution is created. If the CallerReference is a value you already sent in a previous request to create a streaming distribution, and the content of the StreamingDistributionConfig is identical to the original request (ignoring white space), the response includes the same information returned to the original request. If the CallerReference is a value you already sent in a previous request to create a streaming distribution but the content of the StreamingDistributionConfig is different from the original request, CloudFront returns a DistributionAlreadyExists error.

:s3_origin - required - (Hash) A complex type that contains information about the Amazon S3 bucket from which you want CloudFront to get your media files for distribution.

:quantity - required - (Integer) The number of CNAMEs, if any, for this distribution.

:items - (Array<String>) Optional: A complex type that contains CNAME elements, if any, for this distribution. If Quantity is 0, you can omit Items.

:CNAME - (String)

:comment - required - (String) Any comments you want to include about the streaming distribution.

:logging - required - (Hash) A complex type that controls whether access logs are written for the streaming distribution.

:enabled - required - (Boolean) Specifies whether you want CloudFront to save access logs to an Amazon S3 bucket. If you do not want to enable logging when you create a streaming distribution or if you want to disable logging for an existing streaming distribution, specify false for Enabled, and specify empty Bucket and Prefix elements. If you specify false for Enabled but you specify values for Bucket and Prefix, the values are automatically deleted.

:prefix - required - (String) An optional string that you want CloudFront to prefix to the access log filenames for this streaming distribution, for example, myprefix/. If you want to enable logging, but you do not want to specify a prefix, you still must include an empty Prefix element in the Logging element.

:trusted_signers - required - (Hash) A complex type that specifies the AWS accounts, if any, that you want to allow to create signed URLs for private content. If you want to require signed URLs in requests for objects in the target origin that match the PathPattern for this cache behavior, specify true for Enabled, and specify the applicable values for Quantity and Items. For more information, go to Using a Signed URL to Serve Private Content in the Amazon CloudFront Developer Guide. If you don't want to require signed URLs in requests for objects that match PathPattern, specify false for Enabled and 0 for Quantity. Omit Items. To add, change, or remove one or more trusted signers, change Enabled to true (if it's currently false ), change Quantity as applicable, and specify all of the trusted signers that you want to include in the updated distribution.

:enabled - required - (Boolean) Specifies whether you want to require end users to use signed URLs to access the files specified by PathPattern and TargetOriginId.

:quantity - required - (Integer) The number of trusted signers for this cache behavior.

:items - (Array<String>) Optional: A complex type that contains trusted signers for this cache behavior. If Quantity is 0, you can omit Items.

:marker - (String) Use this when paginating results to indicate where to begin in your list of origin access identities. The results include identities in the list that occur after the marker. To get the next page of results, set the Marker to the value of the NextMarker from the current page's response (which is also the ID of the last identity on that page).

:max_items - (Integer) The maximum number of origin access identities you want in the response body.

:marker - (String) Use this when paginating results to indicate where to begin in your list of distributions. The results include distributions in the list that occur after the marker. To get the next page of results, set the Marker to the value of the NextMarker from the current page's response (which is also the ID of the last distribution on that page).

:max_items - (Integer) The maximum number of distributions you want in the response body.

:marker - (String) Use this parameter when paginating results to indicate where to begin in your list of invalidation batches. Because the results are returned in decreasing order from most recent to oldest, the most recent results are on the first page, the second page will contain earlier results, and so on. To get the next page of results, set the Marker to the value of the NextMarker from the current page's response. This value is the same as the ID of the last invalidation batch on that page.

:max_items - (Integer) The maximum number of invalidation batches you want in the response body.

:marker - (String) Use this when paginating results to indicate where to begin in your list of streaming distributions. The results include distributions in the list that occur after the marker. To get the next page of results, set the Marker to the value of the NextMarker from the current page's response (which is also the ID of the last distribution on that page).

:max_items - (Integer) The maximum number of streaming distributions you want in the response body.

:caller_reference - required - (String) A unique number that ensures the request can't be replayed. If the CallerReference is new (no matter the content of the CloudFrontOriginAccessIdentityConfig object), a new origin access identity is created. If the CallerReference is a value you already sent in a previous request to create an identity, and the content of the CloudFrontOriginAccessIdentityConfig is identical to the original request (ignoring white space), the response includes the same information returned to the original request. If the CallerReference is a value you already sent in a previous request to create an identity but the content of the CloudFrontOriginAccessIdentityConfig is different from the original request, CloudFront returns a CloudFrontOriginAccessIdentityAlreadyExists error.

:comment - required - (String) Any comments you want to include about the origin access identity.

:id - required - (String) The identity's id.

:if_match - (String) The value of the ETag header you received when retrieving the identity's configuration. For example: E2QWRUHAPOMQZL.

:caller_reference - required - (String) A unique number that ensures the request can't be replayed. If the CallerReference is new (no matter the content of the DistributionConfig object), a new distribution is created. If the CallerReference is a value you already sent in a previous request to create a distribution, and the content of the DistributionConfig is identical to the original request (ignoring white space), the response includes the same information returned to the original request. If the CallerReference is a value you already sent in a previous request to create a distribution but the content of the DistributionConfig is different from the original request, CloudFront returns a DistributionAlreadyExists error.

:quantity - required - (Integer) The number of CNAMEs, if any, for this distribution.

:items - (Array<String>) Optional: A complex type that contains CNAME elements, if any, for this distribution. If Quantity is 0, you can omit Items.

:CNAME - (String)

:default_root_object - required - (String) The object that you want CloudFront to return (for example, index.html) when an end user requests the root URL for your distribution (http://www.example.com) instead of an object in your distribution (http://www.example.com/index.html). Specifying a default root object avoids exposing the contents of your distribution. If you don't want to specify a default root object when you create a distribution, include an empty DefaultRootObject element. To delete the default root object from an existing distribution, update the distribution configuration and include an empty DefaultRootObject element. To replace the default root object, update the distribution configuration and specify the new object.

:origins - required - (Hash) A complex type that contains information about origins for this distribution.

:quantity - required - (Integer) The number of origins for this distribution.

:items - (Array<Hash>) A complex type that contains origins for this distribution.

:Origin - (Hash)

:id - required - (String) A unique identifier for the origin. The value of Id must be unique within the distribution. You use the value of Id when you create a cache behavior. The Id identifies the origin that CloudFront routes a request to when the request matches the path pattern for that cache behavior.

:domain_name - required - (String) Amazon S3 origins: The DNS name of the Amazon S3 bucket from which you want CloudFront to get objects for this origin, for example, myawsbucket.s3.amazonaws.com. Custom origins: The DNS domain name for the HTTP server from which you want CloudFront to get objects for this origin, for example, www.example.com.

:s3_origin_config - (Hash) A complex type that contains information about the Amazon S3 origin. If the origin is a custom origin, use the CustomOriginConfig element instead.

:origin_access_identity - required - (String) The CloudFront origin access identity to associate with the origin. Use an origin access identity to configure the origin so that end users can only access objects in an Amazon S3 bucket through CloudFront. If you want end users to be able to access objects using either the CloudFront URL or the Amazon S3 URL, specify an empty OriginAccessIdentity element. To delete the origin access identity from an existing distribution, update the distribution configuration and include an empty OriginAccessIdentity element. To replace the origin access identity, update the distribution configuration and specify the new origin access identity.

:custom_origin_config - (Hash) A complex type that contains information about a custom origin. If the origin is an Amazon S3 bucket, use the S3OriginConfig element instead.

:default_cache_behavior - required - (Hash) A complex type that describes the default cache behavior if you do not specify a CacheBehavior element or if files don't match any of the values of PathPattern in CacheBehavior elements.You must create exactly one default cache behavior.

:target_origin_id - required - (String) The value of ID for the origin that you want CloudFront to route requests to when a request matches the path pattern either for a cache behavior or for the default cache behavior.

:forward - required - (String) Use this element to specify whether you want CloudFront to forward cookies to the origin that is associated with this cache behavior. You can specify all, none or whitelist. If you choose All, CloudFront forwards all cookies regardless of how many your application uses. Valid values include:

none

whitelist

all

:whitelisted_names - (Hash) A complex type that specifies the whitelisted cookies, if any, that you want CloudFront to forward to your origin that is associated with this cache behavior.

:quantity - required - (Integer) The number of whitelisted cookies for this cache behavior.

:items - (Array<String>) Optional: A complex type that contains whitelisted cookies for this cache behavior. If Quantity is 0, you can omit Items.

:Name - (String)

:trusted_signers - required - (Hash) A complex type that specifies the AWS accounts, if any, that you want to allow to create signed URLs for private content. If you want to require signed URLs in requests for objects in the target origin that match the PathPattern for this cache behavior, specify true for Enabled, and specify the applicable values for Quantity and Items. For more information, go to Using a Signed URL to Serve Private Content in the Amazon CloudFront Developer Guide. If you don't want to require signed URLs in requests for objects that match PathPattern, specify false for Enabled and 0 for Quantity. Omit Items. To add, change, or remove one or more trusted signers, change Enabled to true (if it's currently false ), change Quantity as applicable, and specify all of the trusted signers that you want to include in the updated distribution.

:enabled - required - (Boolean) Specifies whether you want to require end users to use signed URLs to access the files specified by PathPattern and TargetOriginId.

:quantity - required - (Integer) The number of trusted signers for this cache behavior.

:items - (Array<String>) Optional: A complex type that contains trusted signers for this cache behavior. If Quantity is 0, you can omit Items.

:AwsAccountNumber - (String)

:viewer_protocol_policy - required - (String) Use this element to specify the protocol that users can use to access the files in the origin specified by TargetOriginId when a request matches the path pattern in PathPattern. If you want CloudFront to allow end users to use any available protocol, specify allow-all. If you want CloudFront to require HTTPS, specify https. Valid values include:

allow-all

https-only

:min_ttl - required - (Integer) The minimum amount of time that you want objects to stay in CloudFront caches before CloudFront queries your origin to see whether the object has been updated.You can specify a value from 0 to 3,153,600,000 seconds (100 years).

:allowed_methods - (Hash)

:quantity - required - (Integer) The number of HTTP methods that you want CloudFront to forward to your origin. Valid values are 2 (for GET and HEAD requests) and 7 (for DELETE, GET, HEAD, OPTIONS, PATCH, POST, and PUT requests).

:items - (Array<String>) A complex type that contains the HTTP methods that you want CloudFront to process and forward to your origin.

:Method - (String)

:smooth_streaming - (Boolean) Indicates whether you want to distribute media files in Microsoft Smooth Streaming format using the origin that is associated with this cache behavior. If so, specify true ; if not, specify false .

:quantity - required - (Integer) The number of cache behaviors for this distribution.

:items - (Array<Hash>) Optional: A complex type that contains cache behaviors for this distribution. If Quantity is 0, you can omit Items.

:CacheBehavior - (Hash)

:path_pattern - required - (String) The pattern (for example, images/*.jpg) that specifies which requests you want this cache behavior to apply to. When CloudFront receives an end-user request, the requested path is compared with path patterns in the order in which cache behaviors are listed in the distribution. The path pattern for the default cache behavior is * and cannot be changed. If the request for an object does not match the path pattern for any cache behaviors, CloudFront applies the behavior in the default cache behavior.

:target_origin_id - required - (String) The value of ID for the origin that you want CloudFront to route requests to when a request matches the path pattern either for a cache behavior or for the default cache behavior.

:forward - required - (String) Use this element to specify whether you want CloudFront to forward cookies to the origin that is associated with this cache behavior. You can specify all, none or whitelist. If you choose All, CloudFront forwards all cookies regardless of how many your application uses. Valid values include:

none

whitelist

all

:whitelisted_names - (Hash) A complex type that specifies the whitelisted cookies, if any, that you want CloudFront to forward to your origin that is associated with this cache behavior.

:quantity - required - (Integer) The number of whitelisted cookies for this cache behavior.

:items - (Array<String>) Optional: A complex type that contains whitelisted cookies for this cache behavior. If Quantity is 0, you can omit Items.

:Name - (String)

:trusted_signers - required - (Hash) A complex type that specifies the AWS accounts, if any, that you want to allow to create signed URLs for private content. If you want to require signed URLs in requests for objects in the target origin that match the PathPattern for this cache behavior, specify true for Enabled, and specify the applicable values for Quantity and Items. For more information, go to Using a Signed URL to Serve Private Content in the Amazon CloudFront Developer Guide. If you don't want to require signed URLs in requests for objects that match PathPattern, specify false for Enabled and 0 for Quantity. Omit Items. To add, change, or remove one or more trusted signers, change Enabled to true (if it's currently false ), change Quantity as applicable, and specify all of the trusted signers that you want to include in the updated distribution.

:enabled - required - (Boolean) Specifies whether you want to require end users to use signed URLs to access the files specified by PathPattern and TargetOriginId.

:quantity - required - (Integer) The number of trusted signers for this cache behavior.

:items - (Array<String>) Optional: A complex type that contains trusted signers for this cache behavior. If Quantity is 0, you can omit Items.

:AwsAccountNumber - (String)

:viewer_protocol_policy - required - (String) Use this element to specify the protocol that users can use to access the files in the origin specified by TargetOriginId when a request matches the path pattern in PathPattern. If you want CloudFront to allow end users to use any available protocol, specify allow-all. If you want CloudFront to require HTTPS, specify https. Valid values include:

allow-all

https-only

:min_ttl - required - (Integer) The minimum amount of time that you want objects to stay in CloudFront caches before CloudFront queries your origin to see whether the object has been updated.You can specify a value from 0 to 3,153,600,000 seconds (100 years).

:allowed_methods - (Hash)

:quantity - required - (Integer) The number of HTTP methods that you want CloudFront to forward to your origin. Valid values are 2 (for GET and HEAD requests) and 7 (for DELETE, GET, HEAD, OPTIONS, PATCH, POST, and PUT requests).

:items - (Array<String>) A complex type that contains the HTTP methods that you want CloudFront to process and forward to your origin.

:Method - (String)

:smooth_streaming - (Boolean) Indicates whether you want to distribute media files in Microsoft Smooth Streaming format using the origin that is associated with this cache behavior. If so, specify true ; if not, specify false .

:custom_error_responses - (Hash) A complex type that contains zero or more CustomErrorResponse elements.

:quantity - required - (Integer) The number of custom error responses for this distribution.

:items - (Array<Hash>) Optional: A complex type that contains custom error responses for this distribution. If Quantity is 0, you can omit Items.

:CustomErrorResponse - (Hash)

:error_code - required - (Integer) The 4xx or 5xx HTTP status code that you want to customize. For a list of HTTP status codes that you can customize, see CloudFront documentation.

:response_page_path - (String) The path of the custom error page (for example, /custom_404.html). The path is relative to the distribution and must begin with a slash (/). If the path includes any non-ASCII characters or unsafe characters as defined in RFC 1783 (http://www.ietf.org/rfc/rfc1738.txt), URL encode those characters. Do not URL encode any other characters in the path, or CloudFront will not return the custom error page to the viewer.

:response_code - (String) The HTTP status code that you want CloudFront to return with the custom error page to the viewer. For a list of HTTP status codes that you can replace, see CloudFront Documentation.

:error_caching_min_ttl - (Integer) The minimum amount of time you want HTTP error codes to stay in CloudFront caches before CloudFront queries your origin to see whether the object has been updated. You can specify a value from 0 to 31,536,000.

:comment - required - (String) Any comments you want to include about the distribution.

:logging - required - (Hash) A complex type that controls whether access logs are written for the distribution.

:enabled - required - (Boolean) Specifies whether you want CloudFront to save access logs to an Amazon S3 bucket. If you do not want to enable logging when you create a distribution or if you want to disable logging for an existing distribution, specify false for Enabled, and specify empty Bucket and Prefix elements. If you specify false for Enabled but you specify values for Bucket, prefix and IncludeCookies, the values are automatically deleted.

:include_cookies - required - (Boolean) Specifies whether you want CloudFront to include cookies in access logs, specify true for IncludeCookies. If you choose to include cookies in logs, CloudFront logs all cookies regardless of how you configure the cache behaviors for this distribution. If you do not want to include cookies when you create a distribution or if you want to disable include cookies for an existing distribution, specify false for IncludeCookies.

:prefix - required - (String) An optional string that you want CloudFront to prefix to the access log filenames for this distribution, for example, myprefix/. If you want to enable logging, but you do not want to specify a prefix, you still must include an empty Prefix element in the Logging element.

:iam_certificate_id - (String) The IAM certificate identifier of the custom viewer certificate for this distribution.

:cloud_front_default_certificate - (Boolean) Set to true if you want to use the default *.cloudfront.net viewer certificate for this distribution. Omit this value if you are setting an IAMCertificateId.

:restrictions - (Hash)

:geo_restriction - required - (Hash)

:restriction_type - required - (String) The method that you want to use to restrict distribution of your content by country: - none: No geo restriction is enabled, meaning access to content is not restricted by client geo location. - blacklist: The Location elements specify the countries in which you do not want CloudFront to distribute your content. - whitelist: The Location elements specify the countries in which you want CloudFront to distribute your content. Valid values include:

blacklist

whitelist

none

:quantity - required - (Integer) When geo restriction is enabled, this is the number of countries in your whitelist or blacklist. Otherwise, when it is not enabled, Quantity is 0, and you can omit Items.

:items - (Array<String>) A complex type that contains a Location element for each country in which you want CloudFront either to distribute your content (whitelist) or not distribute your content (blacklist). The Location element is a two-letter, uppercase country code for a country that you want to include in your blacklist or whitelist. Include one Location element for each country. CloudFront and MaxMind both use ISO 3166 country codes. For the current list of countries and the corresponding codes, see ISO 3166-1-alpha-2 code on the International Organization for Standardization website. You can also refer to the country list in the CloudFront console, which includes both country names and codes.

:Location - (String)

:id - required - (String) The distribution's id.

:if_match - (String) The value of the ETag header you received when retrieving the distribution's configuration. For example: E2QWRUHAPOMQZL.

:caller_reference - required - (String) A unique number that ensures the request can't be replayed. If the CallerReference is new (no matter the content of the StreamingDistributionConfig object), a new streaming distribution is created. If the CallerReference is a value you already sent in a previous request to create a streaming distribution, and the content of the StreamingDistributionConfig is identical to the original request (ignoring white space), the response includes the same information returned to the original request. If the CallerReference is a value you already sent in a previous request to create a streaming distribution but the content of the StreamingDistributionConfig is different from the original request, CloudFront returns a DistributionAlreadyExists error.

:s3_origin - required - (Hash) A complex type that contains information about the Amazon S3 bucket from which you want CloudFront to get your media files for distribution.

:quantity - required - (Integer) The number of CNAMEs, if any, for this distribution.

:items - (Array<String>) Optional: A complex type that contains CNAME elements, if any, for this distribution. If Quantity is 0, you can omit Items.

:CNAME - (String)

:comment - required - (String) Any comments you want to include about the streaming distribution.

:logging - required - (Hash) A complex type that controls whether access logs are written for the streaming distribution.

:enabled - required - (Boolean) Specifies whether you want CloudFront to save access logs to an Amazon S3 bucket. If you do not want to enable logging when you create a streaming distribution or if you want to disable logging for an existing streaming distribution, specify false for Enabled, and specify empty Bucket and Prefix elements. If you specify false for Enabled but you specify values for Bucket and Prefix, the values are automatically deleted.

:prefix - required - (String) An optional string that you want CloudFront to prefix to the access log filenames for this streaming distribution, for example, myprefix/. If you want to enable logging, but you do not want to specify a prefix, you still must include an empty Prefix element in the Logging element.

:trusted_signers - required - (Hash) A complex type that specifies the AWS accounts, if any, that you want to allow to create signed URLs for private content. If you want to require signed URLs in requests for objects in the target origin that match the PathPattern for this cache behavior, specify true for Enabled, and specify the applicable values for Quantity and Items. For more information, go to Using a Signed URL to Serve Private Content in the Amazon CloudFront Developer Guide. If you don't want to require signed URLs in requests for objects that match PathPattern, specify false for Enabled and 0 for Quantity. Omit Items. To add, change, or remove one or more trusted signers, change Enabled to true (if it's currently false ), change Quantity as applicable, and specify all of the trusted signers that you want to include in the updated distribution.

:enabled - required - (Boolean) Specifies whether you want to require end users to use signed URLs to access the files specified by PathPattern and TargetOriginId.

:quantity - required - (Integer) The number of trusted signers for this cache behavior.

:items - (Array<String>) Optional: A complex type that contains trusted signers for this cache behavior. If Quantity is 0, you can omit Items.